Lucene search
K
VastalPhpvid

5 matches found

CVE
CVE
added 2008/09/22 4:20 p.m.64 views

CVE-2008-4157

CVE-2008-4157 documents an SQL injection in phpVID (Vastal I-Tech) groups.php via the cat parameter affecting PHPVID 1.1 and later 1.2.3. Connected records confirm related SQL injection issues in phpVID 1.2.3 via the n parameter (and note that the cat vector is already covered by CVE-2008-4157), ...

7.5CVSS8.1AI score0.05648EPSS
CVE
CVE
added 2013/08/19 8:0 p.m.60 views

CVE-2013-5312

CVE-2013-5312 affects Vastal I-Tech phpVID 1.2.3 with multiple XSS vulnerabilities. The issue arises from user-supplied inputs in two pages: browse_videos.php (parameter n) and groups.php (parameter cat), enabling remote attackers to inject arbitrary web script or HTML. The connected documents co...

4.3CVSS5.9AI score0.03217EPSS
CVE
CVE
added 2013/08/19 8:0 p.m.51 views

CVE-2013-5311

CVE-2013-5311: Affected software is Vastal I-Tech phpVID 1.2.3. The vulnerability is SQL injection via the n parameter in browse_videos.php and members.php (cat parameter noted as covered by CVE-2008-4157). Impact is remote SQL command execution as described in the public records. Connected docum...

7.5CVSS8.6AI score0.02279EPSS
CVE
CVE
added 2015/03/20 2:0 p.m.49 views

CVE-2015-2563

CVE-2015-2563 describes an SQL injection in the Vastal I-Tech phpVID web app (versions 0.9.9 and 1.2.3) specifically in the groups.php script. The vulnerability is triggered via the order_by parameter, allowing remote attackers to execute arbitrary SQL commands. The note indicates the cat paramet...

7.5CVSS8.5AI score0.02173EPSS
CVE
CVE
added 2008/05/19 10:0 a.m.37 views

CVE-2008-2335

The CVE-2008-2335 entry describes a cross-site scripting (XSS) vulnerability in Vastal I-Tech phpVID 1.1 and 1.2 (also reported for 1.2.3) where an attacker can inject arbitrary script/HTML via the query parameter in search_results.php. Affected software: phpVID 1.1, 1.2 (and 1.2.3 per notes). Th...

4.3CVSS5.7AI score0.04006EPSS